| ▲ | Show HN: s@: decentralized social networking over static sites (satproto.org) |
| 91 points by remywang 3 hours ago | 29 comments |
| |
|
| ▲ | neilv 17 minutes ago | parent | next [-] |
| > By convention, the client looks under /satellite/ by default. If that path is already taken, place a satproto_root.json file at the domain root containing { "sat_root": "my-custom-repo" } — the client checks this first. |
| Would a `/.well-known/` be helpful here? https://en.wikipedia.org/wiki/Well-known_URI |
| |
|
| ▲ | _pdp_ an hour ago | parent | prev | next [-] |
| Long ago there was this thing called foaf https://en.wikipedia.org/wiki/FOAF and also https://en.wikipedia.org/wiki/Pingback ... it was the closest I've seen to completely decentralised social media. |
| |
| ▲ | notpushkin a minute ago | parent [-] | | Webmention is the modern counterpart: https://indieweb.org/Webmention (The IndieWeb wiki is probably the best resource for exploring the personal website-based social networking tech nowadays. I recommend the author check it out and maybe iterate on that instead :) |
|
|
| ▲ | Retr0id an hour ago | parent | prev | next [-] |
| I wish I could share a graph of my eyebrow height over time as I read through this part: |
| > sAT Protocol (s@) is a decentralized social networking protocol based on static sites. Each user owns a static website storing all their data in encrypted JSON stores. |
| |
| ▲ | nine_k 19 minutes ago | parent | next [-] | | Your app picks up a bunch of feeds and composes them into a nice page for you, much like an RSS feed reader. The twist is that each feed is encrypted in a way that only you can decrypt, so the cryptography also gives strong identity guarantees, and allows for private messaging. It's basically PGP + RSS, only mapped to a bunch of files of specific structure. Those could be RSS/ATOM feeds instead of JSON, to reuse an existing format. The reuse of the ideas is good, these ideas are time-proven. As any PGP-lookalike, this thing has the key distribution problem, and won't scale to billions of users due to that. Key rotation and revocation is another problem. But for a small-scale network it should be fine, and can run on very tiny, very low-power devices, maybe even with intermittent connectivity. | | |
| ▲ | Retr0id 18 minutes ago | parent [-] | | > The twist is that each feed is encrypted in a way that only you can decrypt |
| Not true, the "content key" is common to all viewers of all posts, from a particular author. (hence the need to re-encrypt the world when you unfollow someone...) |
| |
| ▲ | Retr0id an hour ago | parent | prev | next [-] | | But in all fairness it seems like a reasonable system, given the narrow scope of its goals. It does not scale, but that's on purpose. Although I could still see "Feed Aggregation" becoming impractical even with a small number of friends with a modest number of posts. Cryptographically, a problem is that it makes ciphertexts publicly enumerable, protected by an X25519-derived key. This makes it very vulnerable to harvest-now-decrypt-later attacks, if you believe quantum computing will ever happen. | |
| ▲ | RobRivera an hour ago | parent | prev | next [-] | | So a database, that you can send a network response or request with that data, that when received by a client, builds a static website. I see. I see... | |
| ▲ | behehebd 24 minutes ago | parent | prev [-] | | > Key Rotation (Unfollow) _ /
. .
|
|
|
| ▲ | MattCruikshank 9 minutes ago | parent | prev | next [-] |
| Amazing. I'm building almost the exact same thing. I'll share mine when it's mature enough. :D |
|
| ▲ | est 2 hours ago | parent | prev | next [-] |
| Seems a bit complicated. Why not use git for social networking ;) https://github.com/est/gitweets |
|
| ▲ | givemeethekeys 10 minutes ago | parent | prev | next [-] |
| This needs a YouTube demo video. |
|
| ▲ | evbogue 42 minutes ago | parent | prev | next [-] |
| This obviously needs some iteration on the protocol design as other commenters have mentioned, but I'd still be up for partnering up over here at https://anproto.com/ |
|
| ▲ | vexnull an hour ago | parent | prev | next [-] |
| Interesting approach. The static-site constraint is clever for self-sovereignty but I wonder how feed aggregation scales once you follow more than a handful of people - you're polling N sites with no push mechanism. Nostr solved the discovery/aggregation problem with relays but introduced its own tradeoffs (relay trust, spam). This sits at the opposite end - zero infrastructure dependencies but O(N) polling. Feels like there's a middle ground waiting to be found. |
| |
| ▲ | 8organicbits 5 minutes ago | parent | next [-] | | That should scale pretty well. The HTTP fetch of posts/index.json could use conditional get requests to avoid downloading the body when there are no changes. Static files are dirt cheap to serve. | |
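The conditional GET polling described in the comment above, as an added example that is not part of the thread or of the s@ project's code. The loopback server, the `poll` helper, the ETag value and the combined `/satellite/posts/index.json` path are assumptions made for illustration.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

INDEX = b'{"posts": ["constructed-post-1"]}'  # constructed sample feed index
ETAG = '"constructed-v1"'                     # validator a static host would derive from the file
DIRECT = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore proxy env vars

class StaticSite(BaseHTTPRequestHandler):
    """Loopback stand-in for a static host that honours If-None-Match."""
    def do_GET(self):
        if self.headers.get("If-None-Match") == ETAG:
            self.send_response(304)          # no body: the client's copy is current
            self.send_header("ETag", ETAG)
            self.end_headers()
            return
        self.send_response(200)
        self.send_header("ETag", ETAG)
        self.send_header("Content-Length", str(len(INDEX)))
        self.end_headers()
        self.wfile.write(INDEX)
    def log_message(self, *args):            # keep the demo quiet
        pass

def poll(url, cache):
    """Fetch url; return (changed, body). cache maps url -> (etag, body)."""
    req = urllib.request.Request(url)
    if url in cache:
        req.add_header("If-None-Match", cache[url][0])
    try:
        with DIRECT.open(req, timeout=5) as resp:
            body, etag = resp.read(), resp.headers.get("ETag")
    except urllib.error.HTTPError as err:
        err.close()
        if err.code == 304 and url in cache:  # urllib surfaces 304 as HTTPError
            return False, cache[url][1]
        raise
    if etag:
        cache[url] = (etag, body)
    return True, body

def demo():
    server = HTTPServer(("127.0.0.1", 0), StaticSite)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = "http://127.0.0.1:%d/satellite/posts/index.json" % server.server_port
    cache = {}
    results = [poll(url, cache), poll(url, cache)]
    server.shutdown()
    server.server_close()
    return results
```

`demo()` returns `(True, body)` for the first poll and `(False, body)` for the second, where the body comes from the local cache rather than the network.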
| ▲ | iamnothere an hour ago | parent | prev | next [-] | | Does the polling need to be fast? I think back to mailing lists and the huge delays involved in those conversations. Yet they were/are often very productive. Somewhere between Twitter/X speed and mailing list speed might be acceptable. Maybe this would be better with a LiveJournal style interface. Medium length posts with threaded comments/replies are an underrated format. | |
| ▲ | bandrami 38 minutes ago | parent | prev [-] | | Maybe that's a feature rather than a bug |
|
|
| ▲ | flaxxer 13 minutes ago | parent | prev | next [-] |
| Nostr https://nostr.com/ |
| |
| ▲ | DANmode 5 minutes ago | parent [-] | | Real question for people who know what they’re talking about: is perfect forward secrecy no longer considered valuable? |
|
|
| ▲ | koolala an hour ago | parent | prev | next [-] |
| Signed JSON reminds me of Nostr. I wish Nostr was somehow more mainstream. |
|
| ▲ | extraduder_ire 44 minutes ago | parent | prev | next [-] |
| Seems like a missed opportunity to not put a /satellite/satproto.json file on that site. |
|
| ▲ | dharmatech 2 hours ago | parent | prev | next [-] |
| See also org social: https://github.com/tanrax/org-social |
| |
|
| ▲ | superkuh 2 hours ago | parent | prev [-] |
| satproto's implementation involves complex cryptographic signing and that makes it very not static. One needs to run a program of some sort to use satproto. The only static part is the json that's operated upon. This is not true of indieweb's web mention: https://indieweb.org/Webmention It just uses HTTP POST (like pingback/trackback/etc, except it has a second step verifying the page sending the webmention actually has a link to a URL on the website). You can send them with a browser or cURL or some complex backend script. Receiving them is as easy as logging POSTs to a specific URL endpoint or even using someone else's community backend your site interfaces with via javascript (ie, https://webmention.io/ - not static since it uses JS). Or anything in between. Totally decentralized and very simple. I implemented a simple nginx POST logging format in the config to receive on my static site. And HTML forms on my static site can send. http://superkuh.com/blog/2019-12-11-3.html |
| |
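The receiver-side verification step mentioned in the comment above (checking that the sending page really links to the target), as an added example that is not the commenter's nginx setup or any project's code. The function name, host names and HTML snippets are constructed for illustration; fetching the source page is left to the caller, and the scheme and target-host checks go slightly beyond what the comment describes.

```python
from html.parser import HTMLParser
from urllib.parse import urldefrag, urljoin, urlsplit

class _Links(HTMLParser):
    """Collect absolute, fragment-free URLs from href/src attributes."""
    def __init__(self, base):
        super().__init__()
        self.base, self.found = base, set()

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.found.add(urldefrag(urljoin(self.base, value)).url)

def verify_webmention(source, target, source_html, my_host):
    """Return (ok, reason) for a received source/target pair.

    source_html is the body already fetched from `source` by the caller.
    """
    s, t = urlsplit(source), urlsplit(target)
    if s.scheme not in ("http", "https") or t.scheme not in ("http", "https"):
        return False, "unsupported scheme"
    if t.hostname != my_host:
        return False, "target is not on this site"
    if urldefrag(source).url == urldefrag(target).url:
        return False, "source equals target"
    parser = _Links(source)
    parser.feed(source_html)
    if urldefrag(target).url not in parser.found:
        return False, "source does not link to target"
    return True, "verified"

# Constructed sample data (hypothetical hosts and pages).
SOURCE = "https://friend.example/notes/1"
TARGET = "https://blog.example/2019/post.html"
LINKING_HTML = '<p>Reply to <a href="https://blog.example/2019/post.html#c1">this</a></p>'
TEXT_ONLY_HTML = "<p>See https://blog.example/2019/post.html</p>"
```

A page that only contains the target URL as plain text, or inside an HTML comment, is rejected because no link element points at the target.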
| ▲ | koolala an hour ago | parent | next [-] | | I wonder what the signing is for if you already have a domain name to verify your authorship. | | |
| ▲ | Retr0id 21 minutes ago | parent [-] | | It doesn't use signing, aside from the signing that exists within TLS | | |
| ▲ | notpushkin 2 minutes ago | parent [-] | | I think they mean in s@. ...which doesn’t do signing, but does do E2E encryption? So it’s more like DMs-over-HTTPS. |
|
| |
| ▲ | isodev an hour ago | parent | prev [-] | | Webmention is cool indeed. Also one of few techniques that’s currently free of some corp’s greedy roadmap |
|